Computers are becoming increasingly interconnected via a wide range of networks, including both public and private networks, such as local area networks (LANs), the Internet, etc. Although such interconnectivity can lead to a number of benefits, so too can it lead to problems. One predominant problem that can arise is that of security, such as how to keep a computer from accessing other computers it should not be accessing, how to keep other computers from accessing your computer, etc.
One specific area in which these security problems can arise is within “co-location facilities”. A co-location facility refers to a complex that can house multiple servers, typically coupled to the Internet. The co-location facility typically provides a reliable Internet connection, a reliable power supply, and a proper operating environment. The co-location facility also typically includes multiple secure areas (e.g., cages) into which different companies can situate their servers. Each company is then responsible for managing the operation of the servers in its server cluster. These multiple servers can then operate together to make information available to client computers via the Internet. Security within such a co-location facility, however, is very important. For example, care should be taken to ensure that servers for one company housed at the facility cannot communicate with servers for a competitor's company that are also housed at the facility.
A “firewall” may be used to provide some security for computers. However, firewalls typically operate to shield the outside world (e.g., the public Internet) from the inside world (e.g., an internal private corporate LAN). Such configurations thus do not prevent intra-LAN communications between different computers within the corporate LAN.
Further firewalls (e.g., software firewalls) could also be installed at each computer to provide security. However, current firewalls are typically designed to prevent other computers from accessing the computer that they are installed on, not to restrict the computer's ability to access other computers. Some firewalls, particularly those designed for home users, also employ parental controls. Enabling parental controls allows a user of the computer (e.g., a parent) to restrict the ability of that user or others (e.g., children) to access particular World Wide Web sites on the Internet. However, firewalls installed on a computer are typically managed at the computer itself. Thus, the firewalls are susceptible to being bypassed (or otherwise attacked) by a user of the computer. For example, a user may erase or disable the firewall software, a user may load another operating system that can bypass the firewall, etc. Thus, there still exists a need for improved security among interconnected computers.
The invention described below addresses these disadvantages, using packet filters and network virtualization to restrict network communications.